It turns out it wasn’t just users of the Zoom video conferencing app who were at risk of having their webcam hijacked.
A week after Zoom admitted it had handled the discovery of a privacy vulnerability its software poorly, and Apple pushed out a silent update to neutralise some of Zoom’s most outrageous behaviour, Mac users have received a further security update that protects against the same Zoom vulnerability in other video conferencing apps.
The apps, as listed by security researcher Karan Lyons, are all apps that have licensed Zoom’s technology and – like Zoom – created a localhost webserver on Macs that allowed the software to be reinstalled without explicit permission from users.
MRT update 1.46 now removes vulnerable web servers for Zoom, RingCentral, Telus Meetings, BT Cloud Phone Meetings, Office Suite HD Meeting, AT&T Video Meetings, BizConf, Huihui, UMeeting, Zhumu, and Zoom CN.
— Karan Lyons (@karanlyons) July 16, 2019
As I described when the security violation first came to light, it’s bad enough that users could be tricked into unexpectedly entering a video call but in some ways even worse than Zoom felt it had the right to install its software onto users’s Macs without their explicit permission.
That doesn’t just suck, it’s downright rude. I want to control whose apps get installed on my computer. A typical Mac user would believe that d ..
Support the originator by clicking the read the rest link below.
